183 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fixed potential memory corruption in ipmicreateuser. The “intf” list iterator becomes an invalid pointer if the correct “intf-intfnum” is not found. Calling atomicdec&intf-nrusers with an invalid pointer will lea...
CVE-2025-41078
Viafirma Documents v3.7.129 is affected by an authorization weakness that allows an authenticated, unprivileged user to enumerate and access other users’ data, use user-management features (creation, modification, deletion), and escalate privileges by impersonating other users during document gen...
PT-2026-2167
Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description The application does not verify the authenticity of client requests, leading to a cross-site request forgery condition. An attacker can potentially trick a logged-in user into submitting...
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...
GHSA-CJCP-QXVG-4RJM Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover
Summary A privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new...
EUVD-2025-198420
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...
CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
EUVD-2020-30817
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7323
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2023-7323
CVE-2023-7323 affects Nagios Log Server prior to 2024R1, with an XSS vulnerability caused by insufficient validation/escaping of user input in the Create User function. The impact is potential arbitrary script execution in a victim’s browser. Publicly disclosed details across Red Hat, EUVD, and v...
CVE-2020-36858 Nagios Log Server < 2.1.6 XSS via Create User, Edit User, & Manage Host Lists Pages
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in t...
CVE-2020-36858
Nagios Log Server is affected by a cross-site scripting (XSS) vulnerability in versions prior to 2.1.6, exposed via the web interface on Create User, Edit User, and Manage Host Lists pages. The root cause is insufficient validation/escaping of user-supplied input, allowing an attacker to inject a...
PT-2025-44495
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R1 Description Nagios Log Server versions prior to 2024R1 are susceptible to cross-site scripting XSS through the Create User function. Insufficient validation or escaping of user-supplied input could...
PT-2025-44464
Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2.1.6 Description Nagios Log Server versions prior to 2.1.6 contain cross-site scripting XSS issues through the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validati...